gcloud assured workloads create

NAME
gcloud assured workloads create - create a new Assured Workloads environment
SYNOPSIS
gcloud assured workloads create --billing-account=BILLING_ACCOUNT --compliance-regime=COMPLIANCE_REGIME --display-name=DISPLAY_NAME --location=LOCATION --organization=ORGANIZATION [--enable-sovereign-controls=ENABLE_SOVEREIGN_CONTROLS] [--external-identifier=EXTERNAL_IDENTIFIER] [--labels=[KEY=VALUE,…]] [--next-rotation-time=NEXT_ROTATION_TIME] [--partner=PARTNER] [--partner-permissions=[KEY=VALUE,…]] [--partner-services-billing-account=PARTNER_SERVICES_BILLING_ACCOUNT] [--provisioned-resources-parent=PROVISIONED_RESOURCES_PARENT] [--resource-settings=[KEY=VALUE,…]] [--rotation-period=ROTATION_PERIOD] [GCLOUD_WIDE_FLAG]
DESCRIPTION
Create a new Assured Workloads environment
EXAMPLES
The following example command creates a new Assured Workloads environment with these properties:
  • belonging to an organization with ID 123
  • located in the us-central1 region
  • display name Test-Workload
  • compliance regime FEDRAMP_MODERATE
  • billing account billingAccounts/456
  • first key rotation set for 10:15am on the December 30, 2020
  • key rotation interval set for every 48 hours
  • with the label: key = 'LabelKey1', value = 'LabelValue1'
  • with the label: key = 'LabelKey2', value = 'LabelValue2'
  • provisioned resources parent 'folders/789'
  • with custom project id 'my-custom-id' for consumer project
  • with external identifier for the workload of 'external-id'
gcloud assured workloads create --organization=123 --location=us-central1 --display-name=Test-Workload --compliance-regime=FEDRAMP_MODERATE --billing-account=billingAccounts/456 --next-rotation-time=2020-12-30T10:15:00.00Z --rotation-period=172800s --labels=LabelKey1=LabelValue1,LabelKey2=LabelValue2 --provisioned-resources-parent=folders/789 --resource-settings=consumer-project-id=my-custom-id --external-identifier=external-id
The following example command creates a new Partner Assured Workloads, with the following properties:
  • belonging to an organization with ID 123
  • located in the me-central2 region
  • display name Test-Workload
  • partner CNTXT
  • partner services billing account billingAccounts/789
  • billing account billingAccounts/456
  • data logs viewer partner permission enabled
  • first key rotation set for 10:15am on the December 30, 2020
  • key rotation interval set for every 48 hours
  • with the label: key = 'LabelKey1', value = 'LabelValue1'
  • with the label: key = 'LabelKey2', value = 'LabelValue2'
  • provisioned resources parent 'folders/789'
  • with custom project id 'my-custom-id' for consumer project
  • with external identifier for the workload of 'external-id'
gcloud assured workloads create --organization=123 --location=me-central2 --display-name=Test-Workload --compliance-regime=ASSURED_WORKLOADS_FOR_PARTNERS --partner=SOVEREIGN_CONTROLS_BY_CNTXT --partner-services-billing-account=billingAccounts/01BF3F-2C6DE5-30C607 --partner-permissions=data-logs-viewer=true --billing-account=billingAccounts/456 --next-rotation-time=2020-12-30T10:15:00.00Z --rotation-period=172800s --labels=LabelKey1=LabelValue1,LabelKey2=LabelValue2 --provisioned-resources-parent=folders/789 --resource-settings=consumer-project-id=my-custom-id --external-identifier=external-id
REQUIRED FLAGS
--billing-account=BILLING_ACCOUNT
The billing account of the new Assured Workloads environment, for example, billingAccounts/0000AA-AAA00A-A0A0A0
--compliance-regime=COMPLIANCE_REGIME
The compliance regime of the new Assured Workloads environment. COMPLIANCE_REGIME must be one of: assured-workloads-for-partners, au-regions-and-us-support, ca-protected-b, ca-regions-and-support, cjis, eu-regions-and-support, fedramp-high, fedramp-moderate, healthcare-and-life-sciences-controls, healthcare-and-life-sciences-controls-us-support, hipaa, hitrust, il2, il4, il5, irs-1075, isr-regions, isr-regions-and-support, itar, jp-regions-and-support, ksa-regions-and-support-with-sovereignty-controls, regional-controls, us-regional-access.
--display-name=DISPLAY_NAME
The display name of the new Assured Workloads environment
--location=LOCATION
The location of the new Assured Workloads environment. For a current list of supported LOCATION values, see Assured Workloads locations.
--organization=ORGANIZATION
The parent organization of the new Assured Workloads environment, provided as an organization ID
OPTIONAL FLAGS
--enable-sovereign-controls=ENABLE_SOVEREIGN_CONTROLS
If true, enable sovereign controls for the new Assured Workloads environment, currently only supported by EU_REGIONS_AND_SUPPORT
--external-identifier=EXTERNAL_IDENTIFIER
The external identifier of the new Assured Workloads environment
--labels=[KEY=VALUE,…]
The labels of the new Assured Workloads environment, for example, LabelKey1=LabelValue1,LabelKey2=LabelValue2
--next-rotation-time=NEXT_ROTATION_TIME
The next rotation time of the KMS settings of new Assured Workloads environment, for example, 2020-12-30T10:15:30.00Z
--partner=PARTNER
The partner choice when creating a workload managed by local trusted partners. PARTNER must be one of: local-controls-by-s3ns, sovereign-controls-by-cntxt, sovereign-controls-by-cntxt-no-ekm, sovereign-controls-by-psn, sovereign-controls-by-sia-minsait, sovereign-controls-by-t-systems.
--partner-permissions=[KEY=VALUE,…]
The partner permissions for the partner regime, for example, data-logs-viewer=true/false
--partner-services-billing-account=PARTNER_SERVICES_BILLING_ACCOUNT
Billing account necessary for purchasing services from Sovereign Partners. This field is required for creating SIA/PSN/CNTXT partner workloads. The caller should have 'billing.resourceAssociations.create' IAM permission on this billing-account. The format of this string is billingAccounts/AAAAAA-BBBBBB-CCCCCC
--provisioned-resources-parent=PROVISIONED_RESOURCES_PARENT
The parent of the provisioned projects, for example, folders/{FOLDER_ID}
--resource-settings=[KEY=VALUE,…]
A comma-separated, key=value map of custom resource settings such as custom project ids, for example: consumer-project-id={CONSUMER_PROJECT_ID} Note: Currently only consumer-project-id, consumer-project-name, encryption-keys-project-id, encryption-keys-project-name and keyring-id are supported. The encryption-keys-project-id, encryption-keys-project-name and keyring-id settings can be specified only if KMS settings are provided
--rotation-period=ROTATION_PERIOD
The rotation period of the KMS settings of the new Assured Workloads environment, for example, 172800s
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
These variants are also available:
gcloud alpha assured workloads create
gcloud beta assured workloads create